This is an automated email from the ASF dual-hosted git repository. mgrigorov pushed a commit to branch wicket-7.x in repository https://gitbox.apache.org/repos/asf/wicket.git
The following commit(s) were added to refs/heads/wicket-7.x by this push: new 24b540e WICKET-6668 Sign out the existing session if a sign in attempt has failed 24b540e is described below commit 24b540ecbdb700c5edcd5fe382103eccb692a547 Author: Martin Tzvetanov Grigorov <mgrigo...@apache.org> AuthorDate: Thu May 16 08:43:07 2019 +0300 WICKET-6668 Sign out the existing session if a sign in attempt has failed (cherry picked from commit ce5a62a7a61f684f53ab43660421ce9e5c5cdfcc) --- .../authroles/authentication/AuthenticatedWebSession.java | 8 ++++++-- .../wicket/examples/authentication1/SignInSession.java | 12 +++++------- .../wicket/examples/authentication2/SignIn2Session.java | 12 +++++------- .../examples/authentication3/MyAuthenticatedWebSession.java | 7 +++---- .../org/apache/wicket/examples/library/LibrarySession.java | 10 +++++----- 5 files changed, 24 insertions(+), 25 deletions(-)
diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
index f11d718..c61b62e 100644
--- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
+++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
@@ -65,11 +65,15 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe { boolean authenticated = authenticate(username, password); - if (authenticated && signedIn.compareAndSet(false, true)) + if (!authenticated && signedIn.get()) + { + signOut(); + } + else if (authenticated && signedIn.compareAndSet(false, true)) { bind(); } - return signedIn.get(); + return authenticated; } /**
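Review bot: The failed-attempt branch `if (!authenticated && signedIn.get())` depends on `signOut()` to remove the previous identity, and `signOut()` is not visible in this hunk; if it only resets the `signedIn` flag, user or role state cached by a subclass outlives the failed attempt. The example sessions in this same commit handle that themselves with `user = null;` at the top of `authenticate`, which suggests the contract belongs in the Javadoc of the enclosing sign-in method (its signature and Javadoc are outside the hunk), for instance `A failed attempt signs out an already signed-in session; subclasses must reset their own cached user state in authenticate().` The return value also changes from `signedIn.get()` to `authenticated`, so a caller that submits bad credentials on a signed-in session now gets `false`; the `@return` text should say so.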
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java
index 18f3a99..19d3ead 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java
@@ -27,6 +27,8 @@ import org.apache.wicket.request.Request; */ public final class SignInSession extends AuthenticatedWebSession { + private static final String USERNAME_PASSWORD = "wicket"; + /** Trivial user representation */ private String user;
@@ -53,15 +55,11 @@ public final class SignInSession extends AuthenticatedWebSession @Override public final boolean authenticate(final String username, final String password) { - final String WICKET = "wicket"; + user = null; - if (user == null) + if (USERNAME_PASSWORD.equalsIgnoreCase(username) && USERNAME_PASSWORD.equalsIgnoreCase(password)) { - // Trivial password "db" - if (WICKET.equalsIgnoreCase(username) && WICKET.equalsIgnoreCase(password)) - { - user = username; - } + user = username; } return user != null;
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java
index 5333ac7..6f84c1a 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java
@@ -27,6 +27,8 @@ import org.apache.wicket.request.Request; */ public final class SignIn2Session extends AuthenticatedWebSession { + private static final String USERNAME_PASSWORD = "wicket"; + /** Trivial user representation */ private String user;
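Review bot: In `SignInSession.authenticate` the password is checked with `USERNAME_PASSWORD.equalsIgnoreCase(password)`, so the comparison stays case-insensitive against a hard-coded constant, and the commit drops the old `// Trivial password "db"` comment that at least marked the check as a toy. Example code tends to be copied into real applications, so the new constant deserves a comment such as `// Demo-only credential: real applications verify a salted password hash, case-sensitively.` and the password side could use `USERNAME_PASSWORD.equals(password)`, as `MyAuthenticatedWebSession` already does. The same pattern appears in the `authenticate` hunks of `SignIn2Session` and `LibrarySession`.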
@@ -55,15 +57,11 @@ public final class SignIn2Session extends AuthenticatedWebSession @Override public final boolean authenticate(final String username, final String password) { - final String WICKET = "wicket"; + user = null; - if (user == null) + if (USERNAME_PASSWORD.equalsIgnoreCase(username) && USERNAME_PASSWORD.equalsIgnoreCase(password)) { - // Trivial password "db" - if (WICKET.equalsIgnoreCase(username) && WICKET.equalsIgnoreCase(password)) - { - user = username; - } + user = username; } return user != null;
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java
index 4309eef..b959b00 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java
@@ -29,6 +29,8 @@ import org.apache.wicket.request.Request; */ public class MyAuthenticatedWebSession extends AuthenticatedWebSession { + private static final String USERNAME_PASSWORD = "wicket"; + /** * Construct. *
@@ -47,10 +49,7 @@ public class MyAuthenticatedWebSession extends AuthenticatedWebSession @Override public boolean authenticate(final String username, final String password) { - final String WICKET = "wicket"; - - // Check username and password - return WICKET.equals(username) && WICKET.equals(password); + return USERNAME_PASSWORD.equals(username) && USERNAME_PASSWORD.equals(password); } /**
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java b/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java
index 0340698..8b6ec07 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java
@@ -30,12 +30,14 @@ import org.apache.wicket.request.Request; */ public final class LibrarySession extends AuthenticatedWebSession { + private static final String USERNAME_PASSWORD = "wicket"; + // Logged in user private User user; /** * Constructor - * + * * @param request * The current request object */
@@ -47,7 +49,7 @@ public final class LibrarySession extends AuthenticatedWebSession /** * Checks the given username and password, returning a User object if if the username and * password identify a valid user. - * + * * @param username * The username * @param password
@@ -57,9 +59,7 @@ public final class LibrarySession extends AuthenticatedWebSession @Override public final boolean authenticate(final String username, final String password) { - final String WICKET = "wicket"; - - if (WICKET.equalsIgnoreCase(username) && WICKET.equalsIgnoreCase(password)) + if (USERNAME_PASSWORD.equalsIgnoreCase(username) && USERNAME_PASSWORD.equalsIgnoreCase(password)) { // Create User object final User user = new User();
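Review bot: Unlike the `SignInSession` and `SignIn2Session` hunks, the `authenticate` hunk here adds no reset of the `user` field before the credential check, so after a failed attempt on a signed-in session the previously stored `User` may remain in the session even though the base class now signs it out. The rest of the method is outside the hunk, so this needs confirming there. If the failure path does not clear the field, add `this.user = null;` as the first statement of `authenticate`, which matches what the other example sessions do in this commit.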